Thursday, April 30, 2009

Projecting Borders into Cyberspace

My Grey Goose colleague Jeffrey Carr makes a compelling argument about the need for nation-states to patrol their own territory in cyberspace. Specifically, Jeffrey writes,

One way to improve our ability to attribute attacks is to require that ISPs and nations exercise greater control. A recent breakfast conversation with a colleague on this topic resulted in what I think is a great way to assign attribution: Structure cyberspace like airspace or territorial waters with designated areas of state responsibility. In other words, each nation controls and is responsible for its own cyberspace.

In the case of airspace and territorial waters, enforcement is by international treaty. Perhaps one solution is to add cyberspace to this body of law as a fourth environment after air, land, and sea. There are penalties for violating a nation’s airspace. It seems logical to apply those penalties to cyberspace as well.

If enacted, this would put the onus on hosting companies licensed to do business in their respective countries to more vigorously enforce anti-piracy software laws, require registrars operating within their borders to make a better effort at validating WHOIS data, and require hosting companies to be more attentive to gross violations by their customers or be subject to civil and criminal penalties.

Ive expressed similar beliefs in previous blog posts on how to develop a cyber deterrence strategy. While there are certainly civil liberty, privacy, and other issues to resolve before we can implement international standards and norms regarding the use of cyberspace, the mounting losses from rampant cyber crime and espionage demonstrate the alternative of an ungoverned Internet is proving itself to be an unsustainable model.


Erin said...

Its really interesting that this post is up right now... I just took a break from writing my paper and the part I'm at is discussing how different states have different conceptions of privacy and what constitutes appropriate government censorship.

I think there are a few fundamental differences between air/land/sea and cyberspace. (1) the speed of transactions, and (2) visitors/actors/invaders/etc aren't as blatantly obvious to the naked eye. Governments would have to more closely monitor, or go looking for, illegal or dangerous behavior online.

...And this is where different states' perceptions of appropriate government surveillance would come into conflict. If the United States wanted certain people to be closely tracked online, but a European country, for example, didn't want to invade on their citizens privacy in such a way, it complicates the issue of each state patrolling its own space. I think a major step that needs to be taken is to unify state views and laws on government censorship/surveillance/etc. I think if we can get closer to a consensus on these issues, Jeffrey's proposal would greatly improve the ability to monitor and attribute attacks.

Jeffrey Michael Comfort said...

I believe this would be one way to more effectively delineate cyberspace, but I also believe it would perhaps raise more issues than it would solve. Leaving the burden of patrolling cyberspace to each individual country would only work if each country was willing and able to do such a thing. While I believe that more technologically advanced nations like the US and the UK would be up to the task and willing to deal in such a system, I do not believe these two would be representative of the general reaction. Enforcement would be the biggest issue and it would be much easier to avoid the consequences of violating a nation's cyberspace than a more physical barrier such as airspace or land borders. This is a great idea but the details must be fully worked out before it could be set into place, otherwise it would serve as nothing more than another poorly implemented act of global law.